Interactive Attack Demo

See how AARSM would have prevented the postmark-mcp attack in real time. Watch our AI security monitor block malicious email exfiltration.

Live simulation of real attack prevented by AARSM

The Attack: postmark-mcp Backdoor

A trusted email tool turns malicious, silently copying all emails to an attacker-controlled server.

  • 15,000+ emails stolen daily
  • 300+ organizations affected
  • Zero detection by traditional tools

AARSM Protection

Real-time SSL interception detects and blocks malicious email destinations instantly.

  • <1 second response time
  • Zero data exfiltration
  • Immediate alert generation

🛡️ AARSM Protection Armed

AARSM Security Monitor - Live Demo
$ aarsm monitor --demo-mode
✓ Demo environment initialized
✓ Monitoring postmark-mcp process (PID: 12345)

How AARSM Prevents This Attack

Our multi-layer security approach catches attacks that traditional tools miss

1. SSL Interception

eBPF uprobes intercept SSL_write() calls before encryption, giving us visibility into the actual email content and headers.

SSL_write() → "bcc: phan@giftshop.club"
🚨 POLICY VIOLATION DETECTED

2. Policy Evaluation

The real-time policy engine checks email destinations against a whitelist of allowed domains. Unauthorized BCC recipients are flagged instantly.

giftshop.club ∉ allowed_domains
Action: BLOCK + ALERT

3. Immediate Response

Network connection blocked, process terminated, and security team alerted - all within milliseconds of the attempt.

Connection: TERMINATED
Alert: SENT
Time: 0.12 seconds
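
The policy-evaluation step described above, sketched as an added example (not AARSM's own code). It assumes the plaintext captured at SSL_write() carries recipients as To/Cc/Bcc header lines, as in the sample shown on this page; the allowlist entries and all function names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from email.utils import getaddresses

# Assumption: hypothetical allowlist; a real deployment loads this from policy.
ALLOWED_DOMAINS = frozenset({"example.com", "partner.example.org"})
RECIPIENT_FIELDS = {"to", "cc", "bcc"}
FIELD_RE = re.compile(r"^([A-Za-z-]+)[ \t]*:[ \t]*(.*)$")

@dataclass
class Decision:
    action: str                                      # "ALLOW" or "BLOCK+ALERT"
    violations: list = field(default_factory=list)   # (field, address) pairs

def recipient_fields(plaintext: bytes):
    """Yield (field, value) for To/Cc/Bcc lines in a captured write buffer."""
    text = plaintext.decode("utf-8", errors="replace")
    # Only the header block counts; a "Bcc:" line inside the body is just text.
    head = re.split(r"\r?\n\r?\n", text, maxsplit=1)[0]
    # Unfold continuation lines so a recipient on a wrapped line is not missed.
    head = re.sub(r"\r?\n[ \t]+", " ", head)
    for line in head.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(1).lower() in RECIPIENT_FIELDS and m.group(2).strip():
            yield m.group(1).lower(), m.group(2)

def domain_allowed(address: str, allowed=ALLOWED_DOMAINS) -> bool:
    """Exact, case-insensitive domain match; subdomains are not implied."""
    domain = address.rpartition("@")[2]
    return domain.lower().rstrip(".") in allowed

def evaluate_write(plaintext: bytes, allowed=ALLOWED_DOMAINS) -> Decision:
    """Fail closed: unparseable or non-allowlisted recipients are violations."""
    violations = []
    for name, value in recipient_fields(plaintext):
        for _, addr in getaddresses([value]):
            if not addr or not domain_allowed(addr, allowed):
                violations.append((name, addr or value.strip()))
    return Decision("BLOCK+ALERT" if violations else "ALLOW", violations)

# Constructed sample buffer; the Bcc address is the one shown on this page.
SAMPLE = (b"From: app@example.com\r\nTo: Alice <alice@example.com>\r\n"
          b"Bcc: ops@partner.example.org,\r\n phan@giftshop.club\r\n"
          b"Subject: Invoice\r\n\r\nbody text\r\n")

if __name__ == "__main__":
    print(evaluate_write(SAMPLE))
```

The exact-match rule means a subdomain of an allowed domain is still blocked unless it is listed explicitly.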

The Result: Complete Protection

While 300+ organizations lost sensitive data, AARSM would have prevented every single attack.

  • Emails Exfiltrated: 0
  • Attack Success Rate: 100%
  • Response Time: <1s